Dynamic VPN configuration for a Cisco Router

I wrote this piece of text because of a dynamic VPN configuration that I read about in a forum question on CiscoHQ. It is my own part that I wrote on the forum, and it may be useful for anyone else who wants to use it or can use it.
The main site also has a VPN client configuration. It may also be useful when you want to make a connection to your own business.

For the main office, see below.
—————————————————————————-
crypto keyring CK_DMVPN
 pre-shared-key address 0.0.0.0 0.0.0.0 key <keyname>
crypto logging session
crypto logging ezvpn
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp nat keepalive 15
!
crypto isakmp client configuration group <groupname>
 key <cryptokey>
 dns <dnsserver local main site>
 wins <winsserver local main site>
 domain < domain name >
 pool ILP_CVPN_CLIENT
 acl ACL_CVPN_CLIENT
crypto isakmp profile CIP_CVPN
 match identity group <groupname>
 client authentication list default
 isakmp authorization list default
 client configuration address respond
crypto isakmp profile CIP_DMVPN
 keyring CK_DMVPN
 match identity address 0.0.0.0
!
!
crypto ipsec transform-set CIT_CVPN_3DESSHA esp-3des esp-sha-hmac
crypto ipsec transform-set CIT_DMVPN_3DESSHA esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile CIP_DMVPN
 set security-association lifetime seconds 300
 set transform-set CIT_DMVPN_3DESSHA
 set isakmp-profile CIP_DMVPN
!
!
crypto dynamic-map CDM_CVPN_CLIENT 10
 set transform-set CIT_CVPN_3DESSHA
 set isakmp-profile CIP_CVPN
!
!
crypto map CMP_CVPN 10 ipsec-isakmp dynamic CDM_CVPN_CLIENT
!
!
!
!
interface Tunnel10
 bandwidth 1024 < not necessary >
 ip address < tunnel IP address, e.g. 10.10.10.1 255.255.255.0 >
 no ip redirects
 ip mtu 1440
 ip nhrp authentication < 8 letter nhrp key >
 ip nhrp map multicast dynamic
 ip nhrp network-id 1438
 ip nhrp holdtime 600
 ip route-cache same-interface
 ip route-cache policy
 ip route-cache flow
 ip tcp adjust-mss 1400
 delay 1000
 tunnel source < source interface, e.g. FastEthernet4 >
 tunnel mode gre multipoint
 tunnel key 1438
 tunnel protection ipsec profile CIP_DMVPN

For the remote site, use the configuration below.
—————————————————————————-
crypto keyring CK_DMVPN
 pre-shared-key address 0.0.0.0 0.0.0.0 key <keyname, same as main site>
crypto logging session
crypto logging ezvpn
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp nat keepalive 15
crypto isakmp profile CIP_DMVPN
 keyring CK_DMVPN
 match identity address 0.0.0.0
!
!
crypto ipsec transform-set CIT_DMVPN_3DESSHA esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile CIP_DMVPN
 set security-association lifetime seconds 300
 set transform-set CIT_DMVPN_3DESSHA
 set isakmp-profile CIP_DMVPN
!
!
!
!
!
interface Tunnel10
 bandwidth 1032
 ip address < tunnel IP address, e.g. 10.10.10.2 255.255.255.0 >
 ip mtu 1440
 ip nhrp authentication box_nhrp
 ip nhrp map 10.10.10.1 < external IP main office >
 ip nhrp network-id 1438
 ip nhrp holdtime 600
 ip nhrp nhs 10.10.10.1
 ip nhrp cache non-authoritative
 ip route-cache same-interface
 ip route-cache policy
 ip route-cache flow
 ip tcp adjust-mss 1400
 delay 1000
 tunnel source < source interface, e.g. FastEthernet4 >
 tunnel destination < IP address main office >
 tunnel key 1438
 tunnel protection ipsec profile CIP_DMVPN

Use EIGRP on both sites
—————————————————————————-
router eigrp 10
 passive-interface FastEthernet4 < or other kind of WAN interface >
 passive-interface Vlan1
 network 10.10.10.0 0.0.0.255
 network < Network Main office >
 network < Network Remote office 1 >
 no auto-summary
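
An added example, not part of the original post: a small Python check that compares the settings which have to agree on the main office and remote site routers (pre-shared key, ISAKMP policy, DMVPN transform set, NHRP authentication string, tunnel key) and lists the choices in this configuration worth reviewing on current IOS images (wildcard pre-shared key, 3DES, Diffie-Hellman group 2). The sample configs are constructed, abbreviated versions of the ones above with made-up key values, and the function names and tags are this example's own.

```python
import re

# Constructed, abbreviated hub config: placeholders filled with made-up values.
HUB = """\
crypto keyring CK_DMVPN
 pre-shared-key address 0.0.0.0 0.0.0.0 key SAMPLEKEY
crypto isakmp policy 10
 encr 3des
 group 2
crypto ipsec transform-set CIT_DMVPN_3DESSHA esp-3des esp-sha-hmac
interface Tunnel10
 ip nhrp authentication hubnhrp1
 tunnel key 1438
"""
# Constructed spoke: identical except for the NHRP authentication string.
SPOKE = HUB.replace("hubnhrp1", "box_nhrp")

# Settings that have to agree on both routers, with the pattern that finds each.
MUST_MATCH = {
    "pre-shared key":      r"^\s*pre-shared-key address \S+ \S+ key (\S+)",
    "isakmp encryption":   r"^\s*encr (\S+)",
    "isakmp dh group":     r"^\s*group (\d+)",
    "dmvpn transform-set": r"^crypto ipsec transform-set CIT_DMVPN\S* (.+)$",
    "nhrp authentication": r"^\s*ip nhrp authentication (\S+)",
    "tunnel key":          r"^\s*tunnel key (\d+)",
}

def settings(cfg):
    """Extract the MUST_MATCH values present in one running-config text."""
    hits = {k: re.search(p, cfg, re.MULTILINE) for k, p in MUST_MATCH.items()}
    return {k: m.group(1).strip() for k, m in hits.items() if m}

def mismatches(hub_cfg, spoke_cfg):
    """Labels whose values differ, or are missing on one side."""
    hub, spoke = settings(hub_cfg), settings(spoke_cfg)
    return sorted(k for k in MUST_MATCH if hub.get(k) != spoke.get(k))

def review_items(cfg):
    """Legacy or broad settings to revisit; the tags are this example's own."""
    s, items = settings(cfg), []
    if re.search(r"^\s*pre-shared-key address 0\.0\.0\.0 0\.0\.0\.0 ", cfg, re.M):
        items.append("wildcard-psk")  # key accepted from any peer address
    if s.get("isakmp encryption") == "3des" or "esp-3des" in s.get("dmvpn transform-set", ""):
        items.append("3des")          # legacy 64-bit block cipher
    if s.get("isakmp dh group") == "2":
        items.append("dh-group-2")    # 1024-bit MODP group
    return items

print(mismatches(HUB, SPOKE), review_items(HUB))
```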
